<div dir="ltr"><div>Not at this moment :<br>$ dig @<a href="http://8.8.8.8">8.8.8.8</a> mx <a href="http://uscg.mil">uscg.mil</a>. +dnssec<br><br>; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @<a href="http://8.8.8.8">8.8.8.8</a> mx <a href="http://uscg.mil">uscg.mil</a>. +dnssec<br>
; (1 server found)<br>;; global options: +cmd<br>;; Got answer:<br>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42506<br>;; flags: qr rd ra ad; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 1<br><br>;; OPT PSEUDOSECTION:<br>
; EDNS: version: 0, flags: do; udp: 512<br>;; QUESTION SECTION:<br>;<a href="http://uscg.mil">uscg.mil</a>. IN MX<br><br>;; ANSWER SECTION:<br><a href="http://uscg.mil">uscg.mil</a>. 8478 IN MX 40 <a href="http://smtp-gateway-4.uscg.mil">smtp-gateway-4.uscg.mil</a>.<br>
<a href="http://uscg.mil">uscg.mil</a>. 8478 IN MX 40 <a href="http://smtp-gateway-4a.uscg.mil">smtp-gateway-4a.uscg.mil</a>.<br><a href="http://uscg.mil">uscg.mil</a>. 8478 IN MX 10 <a href="http://smtp-gateway-2.uscg.mil">smtp-gateway-2.uscg.mil</a>.<br>
<a href="http://uscg.mil">uscg.mil</a>. 8478 IN MX 20 <a href="http://smtp-gateway-5a.uscg.mil">smtp-gateway-5a.uscg.mil</a>.<br><a href="http://uscg.mil">uscg.mil</a>. 8478 IN MX 10 <a href="http://smtp-gateway-1.uscg.mil">smtp-gateway-1.uscg.mil</a>.<br>
<a href="http://uscg.mil">uscg.mil</a>. 8478 IN MX 20 <a href="http://smtp-gateway-5.uscg.mil">smtp-gateway-5.uscg.mil</a>.<br><a href="http://uscg.mil">uscg.mil</a>. 8478 IN MX 10 <a href="http://smtp-gateway-1a.uscg.mil">smtp-gateway-1a.uscg.mil</a>.<br>
<a href="http://uscg.mil">uscg.mil</a>. 8478 IN MX 10 <a href="http://smtp-gateway-2a.uscg.mil">smtp-gateway-2a.uscg.mil</a>.<br><a href="http://uscg.mil">uscg.mil</a>. 8478 IN RRSIG MX 7 2 86400 20131118074336 20131113074105 53369 <a href="http://uscg.mil">uscg.mil</a>. F...<br>
<br></div>Observe : AD bit set.<br><br>Kind regards,<br><br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Nov 14, 2013 at 7:00 PM, Khuu, Linh Contractor <span dir="ltr"><<a href="mailto:Linh.Khuu@ssa.gov" target="_blank">Linh.Khuu@ssa.gov</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
Does anyone have any DNSSEC problem with <a href="http://uscg.mil" target="_blank">uscg.mil</a>.<br>
<br>
On our DNS servers, we have seen broken trust chain error and the validation failed.<br>
<br>
14-Nov-2013 12:57:37.486 lame-servers: error (broken trust chain) resolving '<a href="http://uscg.mil/A/IN" target="_blank">uscg.mil/A/IN</a>': 199.211.218.6#53<br>
14-Nov-2013 12:57:37.573 lame-servers: error (broken trust chain) resolving '<a href="http://uscg.mil/A/IN" target="_blank">uscg.mil/A/IN</a>': 199.211.218.6#53<br>
14-Nov-2013 12:57:37.658 lame-servers: error (broken trust chain) resolving '<a href="http://uscg.mil/MX/IN" target="_blank">uscg.mil/MX/IN</a>': 199.211.218.6#53<br>
14-Nov-2013 12:57:37.743 lame-servers: error (broken trust chain) resolving '<a href="http://uscg.mil/MX/IN" target="_blank">uscg.mil/MX/IN</a>': 199.211.218.6#53<br>
<br>
14-Nov-2013 12:58:12.878 dnssec: debug 3: validating @23cee638: <a href="http://uscg.mil" target="_blank">uscg.mil</a> AAAA: in authvalidated<br>
14-Nov-2013 12:58:12.878 dnssec: debug 3: validating @23cee638: <a href="http://uscg.mil" target="_blank">uscg.mil</a> AAAA: authvalidated: got broken trust chain<br>
14-Nov-2013 12:58:12.878 dnssec: debug 3: validating @23cee638: <a href="http://uscg.mil" target="_blank">uscg.mil</a> AAAA: resuming nsecvalidate<br>
14-Nov-2013 12:58:13.058 dnssec: debug 3: validating @23cee638: <a href="http://uscg.mil" target="_blank">uscg.mil</a> A: starting<br>
14-Nov-2013 12:58:13.058 dnssec: debug 3: validating @23cee638: <a href="http://uscg.mil" target="_blank">uscg.mil</a> A: attempting positive response validation<br>
14-Nov-2013 12:58:13.058 dnssec: debug 3: validating @23cee638: <a href="http://uscg.mil" target="_blank">uscg.mil</a> A: in fetch_callback_validator<br>
14-Nov-2013 12:58:13.058 dnssec: debug 3: validating @23cee638: <a href="http://uscg.mil" target="_blank">uscg.mil</a> A: fetch_callback_validator: got failure<br>
14-Nov-2013 12:58:13.233 dnssec: debug 3: validating @23cee638: <a href="http://uscg.mil" target="_blank">uscg.mil</a> MX: starting<br>
14-Nov-2013 12:58:13.233 dnssec: debug 3: validating @23cee638: <a href="http://uscg.mil" target="_blank">uscg.mil</a> MX: attempting positive response validation<br>
14-Nov-2013 12:58:13.233 dnssec: debug 3: validating @23cee638: <a href="http://uscg.mil" target="_blank">uscg.mil</a> MX: in fetch_callback_validator<br>
14-Nov-2013 12:58:13.233 dnssec: debug 3: validating @23cee638: <a href="http://uscg.mil" target="_blank">uscg.mil</a> MX: fetch_callback_validator: got failure<br>
<br>
Thanks,<br>
Linh Khuu<br>
Network Security Specialist<br>
Northrop Grumman IS | Civil Systems Division (CSD)<br>
Office: <a href="tel:410-965-0746" value="+14109650746">410-965-0746</a><br>
Pager: <a href="tel:443-847-7551" value="+14438477551">443-847-7551</a><br>
Email: <a href="mailto:Linh.Khuu@ssa.gov">Linh.Khuu@ssa.gov</a><br>
_______________________________________________<br>
Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
</blockquote></div><br></div>